package com.gsafety.cloudframework.cfg;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
	
	 @Override
	 public void configure(HttpSecurity http) throws Exception {
	        // @formatter:off
	        http
	                // Since we want the protected resources to be accessible in the UI as well we need
	                // session creation to be allowed (it's disabled by default in 2.0.6)
	                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
	                .and()
	                .requestMatchers()
	                .anyRequest()
	                .and()
	                .anonymous()
	                .and()
	                .authorizeRequests()
	                
	                .antMatchers("/order/**")//只放行order，其他所有都需要认证
	                .permitAll()
	                .anyRequest()
	                .authenticated();
	                
//	                .antMatchers("/product/**").access("#oauth2.hasScope('select') and hasRole('ROLE_USER')")
//	                .antMatchers("/resource/order/**").authenticated();//配置order访问控制，必须认证过后才可以访问
	        // @formatter:on
	        
	        
	        /**
	         http
	        .formLogin()         //通过formLogin方法定制登陆操作
	        .loginPage("/login") //使用loginPage方法定制登陆页面的访问地址
	        .permitAll()
	        .successHandler(loginSuccessHandler()) //登陆成功后的操作
	        .and()
	        .authorizeRequests()
	        //.antMatchers("/info").permitAll()//访问：/info 无需登录认证权限  
	        .anyRequest()
	        .authenticated();
	         */
	        
	    }

	 @Primary
	 @Bean
	 public RemoteTokenServices tokenServices() {
		 RemoteTokenServices tokenServices = new RemoteTokenServices();
		 tokenServices.setClientId("2c9194445f8a0b26015f8a1123da0002");
		 tokenServices.setClientSecret("OIVlaGT82fX8YeBUjJShw9HOnsPEn1gRg2qHB5AWJFnidMyjjbZnp0Ra6MRbdcvL");
		 tokenServices.setCheckTokenEndpointUrl("http://127.0.0.1:8775/oauth/check_token");
		 return tokenServices;
	 }
	 
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("order").stateless(true);
        //resources.resourceId(null).stateless(true);//如果是null则不校验resource id
        
        resources.tokenServices(tokenServices());
    }

   
}
